bpnbat [-AddDomain | -RemoveDomain] Private_Domain
bpnbat [-AddMachine]
bpnbat [-AddUser | -RemoveUser] Name Private_Domain
bpnbat -Execute [-cf credential_file] command
bpnbat -GetBrokerCert Broker_Name Broker_Port
bpnbat -Login [-Info answer_file] [-cf credential_file]
bpnbat -LoginMachine
bpnbat -Logout [-cf credential_file]
bpnbat -RemoveBrokerCert server.name.com
bpnbat -RenewCred [-cf credential_file]
bpnbat -ShowBrokerCerts
bpnbat -ShowMachines
bpnbat -Version
bpnbat -WhoAmI [-cf credential_file] [-Verify]
On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/
On Windows systems, the directory path to this command is <install_path>\NetBackup\bin\
The bpnbat command is a tool that enables a user to use the Veritas Product Authentication and Authorization Service.
This service contains the following two distinct parts:
bpnbat enables a user to do authentication tasks from within NetBackup.
If a command needs a password, it doesn't echo the password or asterisks, which someone can use to narrow the password search space significantly.
NetBackup Access Control requires the user's home directories to work correctly.
You must have administrator privileges to run the following command options: -AddDomain, -RemoveDomain, -AddMachine, -AddUser, -RemoveUser, -LoginMachine, and -ShowMachines.
The -Info option lets you take the name, password, and domain information from an answer_file, and place the certificate in credential_file (if specified) or the default location. You can create an answer text file, so that you don't have to manually type the user name and password for logon.
<domain type> <domain> <username> <password>Where <domain type> is one of the following values:
NIS NIS+ NT vx unixpwdIf you use an answer file, ensure that the appropriate AUTHENTICATION_DOMAIN is configured on the server. See the NetBackup Security and Encryption Guide.
Specifies the identity you currently use within Veritas Product Authentication and Authorization Service. It lists the following:
Example 1 - The user uses -Login and the default port number to connect to the authentication broker that is called test.domain.veritas.com. (It is the server that handles the Authentication process.) An NIS account is used. Therefore, a domain name that is associated with the NIS account is provided in addition to a user and password.
# bpnbat -Login Authentication Broker: test.domain.veritas.com Authentication port[ Enter = default]: Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd): NIS Domain: domain.veritas.com Name: username Password: You do not currently trust the server: test.domain.veritas.com, do you wish to trust it? (y/n): y Operation completed successfully.
Example 2 - The -WhoAmI option verifies the identity that you currently use within the Veritas Product Authentication and Authorization Service.
# bpnbat -WhoAmI Name: user name Domain: domain.veritas.com Issued by: /CN=broker/OU=root@eek.example.com/O=vx Expiry Date: Oct 27 20:57:43 2009 GMT Authentication method: NIS Operation completed successfully.
Example 3 - Add a computer to the computer identities list:
# bpnbat -AddMachine Machine Name: auto.domain.veritas.com Password: Operation completed successfully.
Next, it shows the computer identities list:
# bpnbat -ShowMachines auto.domain.veritas.com Operation completed successfully
Then it logs on a computer to a specified authentication broker:
# bpnbat -LoginMachine Does this machine use Dynamic Host Configuration Protocol (DHCP)? (y/n) n Authentication Broker: test.domain.veritas.com Authentication port[ Enter = default]: Name: auto.domain.veritas.com Password: Operation completed successfully.
Finally, you log into a computer to a specified authentication broker and a problem occurs:
If the user has a multi-NIC configuration or types the broker name incorrectly, a second prompt appears. It gives the user a second chance to enter the proper broker name. The following example assumes sleemanNB is a private NIC name. The public NIC name that Veritas Product Authentication and Authorization Service uses to build the authentication domain is sleeman.example.com. If a failure occurs using -loginmachine, the user has a second chance to enter an explicit primary hostname for the authentication broker. (Failures include a bad computer name, wrong password, or incorrect broker name.) Refer to the following example:
# bpnbat -LoginMachine Does this machine use Dynamic Host Configuration Protocol (DHCP)? (y/n) n Authentication Broker: sleemanNB Authentication port[ Enter = default]: Machine Name: challenger Password: Primary host name of broker: sleeman.example.com Operation completed successfully.
Example 4 - Obtain a broker certificate without authenticating to a broker. It expects a broker (test.domain.veritas.com) and a port (0 for default)
# bpnbat -GetBrokerCert test.domain.veritas.com 0 Operation completed successfully.
Example 5 - Lists all the brokers that the user currently trusts
# bpnbat -ShowBrokerCerts Name: root Domain: root@test.domain.veritas.com Issued by: /CN=root/OU=root@test.domain.veritas.com/O=vx Expiry Date: Jun 12 20:45:19 2006 GMT Authentication method: Veritas Private Security Name: root Domain: root@auto.domain.veritas.com Issued by: /CN=root/OU=root@auto.domain.veritas.com/O=vx Expiry Date: Feb 17 19:05:39 2006 GMT Authentication method: Veritas Private Security Operation completed successfully.
Example 6 - The -RemoveBrokerCert option removes a broker when the user no longer wants to trust it. In the following example, an authentication broker is moved to a different corporate division.
# bpnbat -RemoveBrokerCert test.domain.veritas.com Operation completed successfully.
The user can now use the -ShowBrokerCerts option to display current certificates. The previously removed certificate is no longer displayed.
Example 7 -Show how to use an answer file to supply logon information for automated commands (cron, etc.).
For UNIX: The UNIX NIS domain name is location.example.com, the user name in this domain is bgrable, and the password is hello456. The corresponding answer file for bpnbat -login must contain the following four lines:
NIS location.example.com bgrable hello456
If the answer file is located in /docs and is called login.txt, the bpnbat command executes as follows:
# bpnbat -login -info /docs/vslogin.txt
After the bpnbat -login command is run, commands like bpbackup can be run without authentication errors.
For Windows: The windows domain name is corporate, the user name in this domain is jsmith, and the user password is hello123. The corresponding answer file for bpnbat -login has to contain the following four lines:
NT corporate jsmith hello123
If the answer file is located in /docs and is called login.txt, the bpnbat command executes as follows:
# bpnbat -login -info c:\docs\vslogin.txt
After the bpnbat -login command is run, commands like bpbackup can be run without authentication errors.
bpnbaz